Yifan Lu dives deep into hardware analysis of the PS Vita

You might remember Yifan Lu from a more or less private project of running unsigned code on the PS Vita through a native exploit. Or, if you’re not very familiar with that aspect of the Vita scene, you might know him as the guy who came up with a jailbreak for the Kindle several years ago.

As he stated himself recently, the Vita has been out for 2 years, and nobody has even dumped its NAND yet (at least not publicly), while it happened for the PS4 2 weeks after its release. Deciding to take the matter into his own hands, Yifan Lu started a donation drive to get some hardware in order to look closely at the Vita’s hardware.

Namely, his goal for now is to try and dump the NAND. Now, depending on how well you know computer systems, such a goal might either sound like Klingon to you, appear to be a trivial task that doesn’t deserve any excitement, or sound like a useless attempt… but let me describe why I think this is very cool.

I have no doubt that Sony has done its best to secure the Vita, from both the hardware and software perspectives, so you shouldn’t expect a magical and immediate breakthrough from this attempt.

But that’s not why I am excited about this project. As a matter of fact, Yifan Lu admitted to having extremely limited experience in hardware hacking. And, as paradoxical as it may sound, this is exactly why I am interested in his experiment: he promised to document and report all his findings, and I think the project is extremely interesting for all of us who have absolutely no experience in that kind of stuff. His articles, including the donation drive itself, are a nice introduction into the world of hardware hacking, from a “noob’s” perspective.

In his first articles, Yifan Lu describes the hardware he uses, how he uses it, the mistakes he made, etc. That’s the type of information you will never get from seasoned hardware hackers, as they have forgotten that these basic things simply sound like voodoo magic to the rest of us. A sample:

“To remove the actual eMMC chip, keep the heat gun directed at the chip for a while, then use your pointy device to try to pry it off. Use a bit of force but not extreme force and be slow with the prying. This is because even though the solder below melts fairly quickly, the chip is held in place with some kind of glue”

Additionally, Yifan Lu has been posting cool pictures of the Vita motherboard, which in themselves are worth the read. Greg describes it better than I would:

Again, I am not expecting any huge breakthrough from that anytime soon, but the attempt in itself and the experience that Yifan Lu is sharing with us make it completely worth it in my opinion. Can’t wait for more articles!


wololo

We are constantly looking for guest bloggers at wololo.net. If you like to write, and have a strong interest in the console hacking scene, contact me either with a comment here, or in a PM on /talk!

You must be new to the site. This has been a tradition dating back years. To get first on this site with as many followers as Wololo has is something special and should be cherished as an “OG”. Try checking some of the early posts and you will see that it is one of the unspoken games.

The only comments I’ve seen about the people who post “FIRST!” are usually “***” or “dude, it’s always been a tradition don’t you know?”, dating back to since people started saying first on every blog post made. It’s not unique to this site, it’s everywhere on the Internet and is often considered “annoying”.

You can read the NAND the same way. Except the 3DS has nice unfilled pads that you can solder wires to, while the Vita has tiny 0.5mm resistors that are hidden under a base mount that you need to remove.

It’s really good Sony decided to take extra measures to make sure their chips would remain in place, extending Vita life and all, but I can’t seem to shake the idea that maybe they took extra measures to help keep it from being fully hacked. It’s hard to believe that 2 years in and the Vita is still deathly allergic to being anything like a normal handheld touchscreen :/

whoawy, your stupidness hurts, I mean when a jailbreak came out for the PS3, Sony gave an update to it, and the jailbreak was gone, and let’s be honest, there are not many games for the PS Vita out yet (after two years), and especially not great games, and it’s a little bit annoying that whenever you bought a PS Vita, for a lot of money, you also have to give like at least 40 bucks for a game that isn’t worth it

Uhm, the circumstances why the PS3 was hackable are different than for the Vita. Sony made a mistake with a magic number that was fixed and not random, so it was possible to get into the PS3.

But I think as soon as someone can get the JTAG on a Vita working with the first commands, the rest will be just a matter of time. But until that day, well, live with what you have. The JTAG thing is always difficult, I can remember my old hacking days on the X360 and how hard we tested the JTAG for months, heck, years until someone found the bug we needed on an old console with an older software version.

Question is, does Sony have eFuses on the Vita? Nobody could tell by now, and if it is so, there might be a problem in the future.

But they patched the keys in the PS3 and still there’s a workaround for it like ODE, True Blue etc. If Dark Alex or a guy like Geohot tried to break the Vita it’s gonna get done or some progress will be made, but they’re too scared because of Sony… Every device that I know of, gaming console, handheld, etc., PC, are all hackable as far as I know, well, not the newest of course, PS4 and Xbox One. That’s just my point, nothing is unhackable.

If you read the post, Yifan was asking for donations. If he had a previous project that he asked for donations for, then after he got the money, nothing was ever said about it – then I wouldn’t donate again. Especially for buying a Vita devkit, you expect some sort of reassurance that the money was spent on what it was intended for. Though, since that was not Yifan, you can disregard this and my previous posts.

Credz, Yifan Lu, for starting from scratch, and for sharing the experience! If you keep it up (and can keep supplying new hardware to wreak havoc on) you definitely will learn a lot and eventually most likely produce a proper dump.

I agree it’s a bit weird there’s no (public) dump to be found yet btw. Perhaps the dump will turn out to be completely random data (encrypted by HW controller) and a dump has to be done in SW from the OS to be useful?
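One way to answer that question once a raw dump exists, as an added example (my code, not Yifan Lu’s or the page’s): per-block Shannon entropy over an image separates structured data, erased flash, and blocks that are indistinguishable from random, which is what an encrypting controller would hand back. The image, block size and thresholds below are constructed for illustration, not taken from Vita hardware.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # analysis granularity; a constructed choice, not the Vita's page size


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant block, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_blocks(image: bytes, block: int = BLOCK, high: float = 7.8, low: float = 1.0):
    """Label every block 'random' (encrypted/compressed), 'blank' (erased flash) or 'structured'.

    A 4 KiB block of truly random bytes scores about 7.95 bits, plain text roughly 4 to 5,
    and an erased 0xFF (or zeroed) region scores 0, so the thresholds sit well apart.
    """
    labels = []
    for off in range(0, len(image), block):
        h = shannon_entropy(image[off:off + block])
        labels.append("random" if h >= high else "blank" if h <= low else "structured")
    return labels


def looks_encrypted(image: bytes, block: int = BLOCK) -> bool:
    """True when every non-blank block reads as random, i.e. a raw dump is useless without the keys."""
    nonblank = [l for l in classify_blocks(image, block) if l != "blank"]
    return bool(nonblank) and all(l == "random" for l in nonblank)


def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    # deterministic filler standing in for ciphertext: SHA-256 in counter mode
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "little")).digest()
        ctr += 1
    return bytes(out[:n])


# constructed sample image: a text-like header block, an erased block, a ciphertext-like block
SAMPLE = (
    (b"SAMPLE-HEADER block=0 format=raw\x00" * 130)[:BLOCK]
    + b"\xff" * BLOCK
    + _pseudo_random(BLOCK)
)

if __name__ == "__main__":
    for i, label in enumerate(classify_blocks(SAMPLE)):
        print(f"block {i}: {label}")
    print("whole image looks encrypted:", looks_encrypted(SAMPLE))
```

On a real dump the interesting case is a mix: random blocks next to structured ones usually mean per-partition encryption rather than a controller that scrambles everything.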

At least he’s trying something. And man, that sentence about PS Vita and PS4 NAND says a lot about how interested hackers are in the Vita… no wonder it’s 2 years already, a Slim Vita was released, and still no sign of CFW even for the old Vita.

All we get is some trash VHBL stuff and TN-V. People are excited about emu *** on their PS Vita. When they can simply get PPSSPP, crank the graphics filters to max, set to 1080p and make a crappy PSP game look better than a game made for Vita. Can’t believe people are wasting their own life with developing VHBL and TN-V eCFW ***. And yet those are pretty much the only ones who keep the Vita “scene” “alive” a bit. PS Vita the first hack-proof console? Nah, less likely. No one seems to give two flyings about it. “Vita has been out for 2 years, and nobody has even dumped its NAND yet (at least not publicly), while it happened for the PS4 2 weeks after its release.” That looks promising! 0.0

But here’s the thing. This hack is running through an exploited game. Which may get patched just like the PSP 3000. I mean if that’s what he is trying to achieve, then I don’t really think it’s that exciting, because once Sony releases a patch, you’re gonna have to decide whether you want to continue playing online, or will you stay on the exploit and play the homebrews.

Or did I read it wrong? I mean, I couldn’t find any mention of installing the hack on the PSV itself. If it’s just going to run through an exploited game like on the PSP 3000, then it’s not really that exciting.

Keeping a hot air gun over the chip ? Nice way to *** it up. If you need to desolder surface-mounted chips on a limited budget and not a lot of experience use Chipquik, not tools that can destroy your electronics.

I think that type of comment is what we need. I think this is mostly unknown territory for YifanLu (and for me as well), but clearly some people (including you) have experience enough to let us avoid the most obvious mistakes. Things that sound obvious to you given your experience, are probably not to 99.99% of the people on this site, so that type of comment is (would have been) valuable.

So, I would recommend you to use a 6 Watt thin soldering iron, because these make it much easier to solder to very little connections or pads and they are cheap to get from eBay (got mine for 8€). Trust me, I had a similar issue with the connection pads being very little when I soldered my WiiKey Fusion to my Portable GameCube with its FFC cable and its very little connector. Also, use soldering paste (I don’t know the English word, but it is like soldering flux with a thicker consistency that makes it much easier to apply to little connections and it would not flow into unwanted spots).

And pay attention to the capacitors on the Vita’s MB ’cause these are likely to blow up easily when hot air is applied (have experience with a similar case of desoldering something).

I wish you much luck and hope you succeed on it, because I like the idea of finding more stuff out about the Vita than just about the PSP emulator sandbox thing 😀

Someone on his blog also told him to use an Atten 858D+ for example instead of a regular heat gun. Looking at some YouTube footage, it’s definitely a night and day difference. Yifan should listen to you people’s advice.
